CVE-2006-5229

Publication date 10 October 2006

Last updated 17 July 2025

Ubuntu priority

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssh	7.04 feisty	Ignored
	6.10 edgy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

kees

up to administrators to resolve module usage

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-5229